Discussion Forums

JAAS + PortalLoginModule + Liferay with MS-AD Authentication

Ryan Swenson, modified 11 years ago.

New Member Posts: 1 Join Date: 9/05/12
Hello,

I have configured Liferay LDAP Authentication using MS-AD, and users are able to log in. Within portlets I can access the user's data via ThemeDisplay methods. I will also need to leverage JAAS to obtain subject / principals data in both portlets and servlets. I followed a detailed set of steps on the Internet relative to Liferay + OpenLDAP + JAAS, and this did not work out, or I could not get it to work using email address, and mail as login IDs.

I have now turned to the default Liferay JAAS com.liferay.portal.kernel.security.jaas.PortalLoginModule.

Here is my configuration as follows:

<jaas.config>
myrealm {
com.liferay.portal.kernel.security.jaas.PortalLoginModule required;
};


<Catalina ROOT.xml>
<Context path="" crossContext="true">
<Realm
className="org.apache.catalina.realm.JAASRealm"
appName="myrealm"
userClassNames="com.liferay.portal.kernel.security.jaas.PortalPrincipal"
roleClassNames="com.liferay.portal.kernel.security.jaas.PortalRole"
useContextClassLoader="false"
/>
</Context>

<portal-ext.properties>
portal.jaas.enable=true;
portal.jaas.auth.type=screenName
portal.jaas.strict.password=false
portal.jaas.impl=com.liferay.portal.kernel.security.jaas.PortalLoginModule

Does anyone see anything wrong with the above? I need help getting this to work. Literally I am needing to use this in one servlet in order to return the user, and their roles in order to invoke a custom back-end logon process and use the resulting token of that as input for viewing any portlets inside a page where each portlet invokes web services in a back-end system. The JAAS configuration / setup is my only outstanding issue at the moment.

Best Regards,
RJWS
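
The three fragments in the post above can be cross-checked mechanically: Tomcat's JAASRealm looks up its `appName` as an entry name in the JAAS login configuration, and a `.properties` value runs to the end of the line, so a trailing `;` becomes part of the value. The following is an added example, not part of the original post and not Liferay or Tomcat code; the function names are hypothetical and the inputs are constructed from the posted fragments.

```python
import re
import xml.etree.ElementTree as ET

# Constructed inputs: the three fragments as posted, abbreviated.
JAAS_CONFIG = "myrealm {\n com.liferay.portal.kernel.security.jaas.PortalLoginModule required;\n};\n"
CONTEXT_XML = ('<Context path=""><Realm appName="myrealm" '
               'className="org.apache.catalina.realm.JAASRealm"/></Context>')
PORTAL_EXT = "portal.jaas.enable=true;\nportal.jaas.auth.type=screenName\nportal.jaas.strict.password=false\n"

def jaas_entries(text):
    """Map each JAAS application entry name to its (module class, flag) pairs."""
    flags = r"(required|requisite|sufficient|optional)\b"
    return {name: re.findall(r"([\w.$]+)\s+" + flags, body)
            for name, body in re.findall(r"([\w.$-]+)\s*\{(.*?)\}\s*;", text, re.S)}

def load_properties(text):
    """Minimal key=value reader (hypothetical helper). Like java.util.Properties
    it keeps the value up to end of line, so a trailing ';' is part of the value."""
    props = {}
    for line in text.splitlines():
        line = line.lstrip()
        if line and line[0] not in "#!" and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.lstrip()
    return props

def lint(jaas_text, context_xml, props_text):
    """Return findings for realm/entry mismatches and ';'-terminated values."""
    findings = []
    entries = jaas_entries(jaas_text)
    for realm in ET.fromstring(context_xml).iter("Realm"):
        app = realm.get("appName")
        if app not in entries:
            findings.append(f"Realm appName {app!r} has no entry in jaas.config")
        elif not entries[app]:
            findings.append(f"jaas.config entry {app!r} lists no login module")
    for key, value in load_properties(props_text).items():
        if value.rstrip().endswith(";"):
            findings.append(f"{key} has literal value {value!r}")
    return findings

if __name__ == "__main__":
    for finding in lint(JAAS_CONFIG, CONTEXT_XML, PORTAL_EXT):
        print(finding)
```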